Canonical, the company behind the most popular Linux distro, says its web infrastructure is currently under a "sustained, cross-border attack."
Affected sites and services seem to run across the entire Ubuntu gamut, from its website to its blog and even potentially its repos. According to what user reports I could gleam from online forums—given official status pages are down—the problems have been ongoing for hours even if Canonical only officially commented on it recently.
Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it.We will provide more information in our official channels as soon as we are able to.May 1, 2026
Importantly, there are reports of the security repo servers at security.ubuntu.com being either slow or down for many users, and indeed when I tried the website it didn't load. Repositories are how Ubuntu users get their updates, and the security repo is, of course, a very important one, as it allows users to download and install important security updates and patches. It is worth noting, however, that updates should still be able to be installed from different mirror repos, which you can choose by selecting one in the 'Download from' dropdown in the Software & Updates tool.
Even the page that lists server statuses is disabled by Canonical. It instead reiterates the same message that Canonical posted to X.
All this follows the disclosure yesterday of a recently discovered vulnerability nicknamed "Copy Fail" which cybersecurity research firm Theori, on Xint.io, explains as meaning the discovery that a "single 732-byte Python script can edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017."
It's not known, however, whether this vulnerability has anything to do with the current attack. In fact, Canonical saying that it's a "sustained, cross-border attack" could imply it's not vulnerability-related attack but simply a wide-scale DDoS or something similar. If it is to do with Copy Fail, then perhaps it's only indirectly so—possibly to attempt to prevent some from installing updates that fix the vulnerability.
Cybersecurity company Vercert Analyzer claims that hacktivist group 'The Islamic Cyber Resistance in Iraq – 313 Team' has claimed responsibility for the attack(s) and has sent an extortion message to the Ubuntu team. Though we can't confirm this ourselves and will be waiting for more word from Canonical itself.
